<!-- A sentence or two summarizing what this feature is and what it will do. This information is used for the overall feature summary page for each release. -->

<!-- A sentence or two summarizing what this feature is and what it will do. This information is used for the overall feature summary page for each release. -->

−

This project provide a set of daemons to manage access to remote directories and authentication mechanisms, it provides an NSS and PAM interface toward the system and a pluggable backend system to connect to multiple different account sources. It is also the basis to provide client auditing and policy services for projects like FreeIPA.

+

This project provides a set of daemons to manage access to remote directories and authentication mechanisms, it provides an NSS and PAM interface toward the system and a pluggable backend system to connect to multiple different account sources. It is also the basis to provide client auditing and policy services for projects like FreeIPA.

+

== Owner ==

== Owner ==

<!--This should link to your home wiki page so we know who you are-->

<!--This should link to your home wiki page so we know who you are-->

Line 20:

Line 21:

== Current status ==

== Current status ==

* Targeted release: [[Releases/11|Fedora 11]]

* Targeted release: [[Releases/11|Fedora 11]]

−

* Last updated: 2009-03-16

+

* Last updated: 2009-04-28

* Percentage of completion: 100%

* Percentage of completion: 100%

Line 73:

Line 74:

* Built in rawhide for beta freeze

* Built in rawhide for beta freeze

[[User:Sgallagh|Sgallagh]] 11:22, 16 March 2009 (UTC)

[[User:Sgallagh|Sgallagh]] 11:22, 16 March 2009 (UTC)

+

+

Update 4/28/2009

+

* InfoPipe was pulled from SSSD starting with 0.3.0 because it was incompatible with the needs of its consumers.

+

* SSSD at this time consists of the NSS and PAM improvements (Offline Use, Multiple NSS domains, LDAP connection pooling)

+

[[User:Sgallagh|Sgallagh]] 18:36, 28 April 2009 (UTC)

== How To Test ==

== How To Test ==

Line 150:

Line 156:

* A data provider front-end service for populating cache data from back-ends

* A data provider front-end service for populating cache data from back-ends

* One or more data provider back-end services for communicating with the network authentication service

* One or more data provider back-end services for communicating with the network authentication service

This project provides a set of daemons to manage access to remote directories and authentication mechanisms, it provides an NSS and PAM interface toward the system and a pluggable backend system to connect to multiple different account sources. It is also the basis to provide client auditing and policy services for projects like FreeIPA.

The SSSD is intended to provide several key feature enhancements to Fedora. The first and most visible will be the addition of offline caching for network credentials. Authentication through the SSSD will potentially allow LDAP, NIS, and FreeIPA services to provide an offline mode, to ease the use of centrally managing laptop users.

The LDAP features will also add support for connection pooling. All communication to the ldap server will happen over a single persistent connection, reducing the overhead of opening a new socket for each request. The SSSD will also add support for multiple LDAP/NIS domains. It will be possible to connect to two or more LDAP/NIS servers acting as separate user namespaces.

An additional feature of the SSSD will be to provide a service on the system D-BUS called InfoPipe. This service will act as a central authority on extended user information such as face browser images, preferred language, etc. This will replace the existing system consisting predominately of hidden configuration files in the user's home directory, which may not be available if the home directory has not yet been mounted by autofs.

The SSSD is being developed alongside the FreeIPA project. Part of its purpose will be to act as an IPA client to enable features such as machine enrollment and machine policy management. SSSD will provide a back-end to the newly redesigned PolicyKit for central management of policy decisions.

Additional components of the FreeIPA client will be dependent on this feature, however they are being developed concurrently and should not be negatively impacted.
The SSSD will have dependencies on glibc, D-BUS, libtalloc, libtevent, libtdb and libldb. At the time of this writing, we do not foresee any of these packages affecting our release.

We will complete the NSS and PAM portions of the SSSD first. If time does not permit completion of the additional components, they will be deferred to Fedora 12. In the unlikely event that the NSS and PAM portions of the SSSD are not ready for Fedora 11, they can be omitted with no harm to the release.